WordPress Setup Checklist

Version 1.2

The checklist is divided into five stages, each made up of 72 individual steps:







Get Required Tools

It may be useful to download and install the following free software as they will be useful for the rest of the installation (unless you have alternative software installed already):



Domain and Hosting

Buy a domain and hosting account for your WordPress website.

For examples of hosting companies, see the WordPress.org recommended webhosting companies.


Your host should meet the minimal requirements for WordPress.

Once you have created your web hosting account, please note your web hosting provider’s technical support contact details ad you may need them later.

Find out more about domain names and web hosting.



Email Account Setup

Set up an email address using your new domain for using in the rest of the WordPress installation (unless you have another email address you wish to use of course).


Contact your hosting company if you are unsure how to do this.



FTP Account Setup

Set up an FTP address using your new hosting account for using in the rest of the WordPress installation.

Contact your hosting company if you are unsure how to do this.

Find out more about FTP here.



Google Account Creation

Set up a new Google Account for using with Google integration for your WordPress website.

This will be used for Feedburner, Google Analytics, Google Webmaster Tools and also for GMail if you wish.



GMail Account Integration

If you wish to take advantage of GMail’s powerful features, you can set your new email address to use GMail.



Feedburner Account Creation

Set up a Feedburner account using your Google account.

Every WordPress website includes an RSS feed by default.

FeedBurner provides custom RSS feeds, statistics and management tools for your WordPress RSS feed.

Find out more about RSS feeds here.



Mailing List Setup

Set up an email list for using with your new WorPress website.

This list will help broadcast your content.

You will need an account with a recommended email marketing provider, for example:


Once you have set up your account, you can set up an email list for your new WordPress website.

Find out more about email marketing.



Website Monitoring Account Setup

Set up an account with the free website monitoring service mon.itor.us.

A website monitoring service is used to ensure that your site is live and responding.

Find out more about website monitoring here.



Prepare for WordPress Install

You are now ready to install WordPress. You should check out your options for installing WordPress.

There are several ways to install WordPress:

If you are unsure, you should check which one is appropriate for you by contacting your web hosting company.



Create Database and Database User

If you download and install WordPress yourself, you will need a database and a database user defined to install it correctly. You can create a database and database user in the following ways:


If you have trouble with creating a database and a database user, contact your web hosting provider.



Administrator Account Security

When installing, do not use ‘admin’ as the username for the administrator account as this can be a security risk.

Try something like your site name initials + ‘admin’ – ‘My Awesome Blog admin’ becomes ‘mabadmin’. This is less obvious but still easy to remember.

Don’t panic – this can also be changed after installation if you wish.



Install WordPress

You should decide whether you want WordPress at the root of your domain:


or in a folder:


Once you have decided and using the information obtained earlier from your web hosting company, you should install WordPress on your hosting account as appropriate.



Logon as Administrator

After the install, you can now logon using the administrator account.

The logon screen can be found by appending ‘wp-login.php’ to the end of the URL to your WordPress installation as below:




This will give you access to the WordPress Administration Screens.



Check the WordPress Address and Site Address

You can check the WordPress Address and Site Address settings by using the Settings–>General Settings menu item.

These may be fine for you as they are, but sometimes you may wish to add the ‘www’ here to each URL. Make your changes and click the ‘Save Changes’ button. You may have to logon again after any changes.

Find out more about the General Settings screen.



Check the Site Name and Site Tagline.

On the General Settings screen, you can also set your Site Name and Site Tagline.

These may been set during installation. You can leave the tagline blank if you wish. Make your changes and click the ‘Save Changes’ button.

Find out more about the General Settings screen.



Check Timezone

On the General Settings screen, you can also check your Site Timezone.

This will be set during installation. Make your changes and click the ‘Save Changes’ button.

Find out more about the General Settings screen.



Set Ping Services

WordPress can automatically notify popular Update Services that you've updated your blog by sending a ‘ping’ message each time you create or update a post. This helps increase traffic to your site.

You can set the Update Services to use on the base of the Settings Writing Screen using the Settings–>Writing menu item. Make your changes and click the ‘Save Changes’ button.

You can find out more about Update Services here.

Find out more about the Settings Writing Screen.



Delete the Sample Content

You can clean up the sample content provided in the basic WordPress installation.

· Delete the sample comment using the Comments Screen.

· Delete the first post using the Posts Screen.

· Delete the blogroll using the Links Screen.



Set Permalinks

By default WordPress uses URLs which have question marks and numbers in them which look ugly. However WordPress offers you the ability to create a custom URL structure for your permalinks (short for "permanent link").

Go to the Settings Permalinks Screen using the Settings–>Permalink menu item. Make your changes and click the ‘Save Changes’ button.

Tip: A simple and useful permalink structure is


This will provide good SEO benefits and performs well.

Find out more about the Settings Permalinks Screen.



Check Uploads Path

You can upload images, video, recordings, and files when using WordPress. These files are known as ‘Media’.

You can check the location and structure of the upload directory on the the Uploading Files section in the Settings Media Screen. This is reached by using the Settings–>Media menu item.

Tip: You can probably leave most of the settings here alone, but unchecking the setting at ‘Organise my uploads into month- and year-based folders ’ will make your files easier to find. Make your changes and click the ‘Save Changes’ button.

Find out more about the Settings Media Screen.



Check Robots.txt

The robots.txt protocol is a convention to prevent web crawlers (software used by search engines to categorise and archive web sites) from accessing all or part of a website which is otherwise publicly viewable. This is done by producing a text file on your website that the web crawlers can read.

Install a plugin for WordPress to help with this called PC Robots.txt.

Find out more about the robots.txt protocol.



Create Logo

You should consider creating a website logo at this stage as you can use it later in the installation process.

Good places to start:



Set Favicon

A favicon is an image file associated with your particular website. Your web browser can display it in bookmarks and links to your website. You can easily create a favicon with your logo by using the Dynamic Drive favicon tool.

Once you have created a favicon, you can then add it to your website using the All in One Favicon plugin.

Find out more about favicons.



Burn RSS Feed

If you created a Feedburner account earlier in the installation process, you can now setup your WordPress RSS feed to use Feed burner.

You can do this by installing a plugin or doing the process manually.



Check Visual Editor Settings

The Visual Editor in WordPress is what you type your text into to publish it on your website. Many advanced users do not like using the Visual Editor as it can add extra HTML when typing.

You can turn off the Visual Editor by going to the Users–>Your Profile menu item and checking the ‘Disable the visual editor when writing’ item.

You can also disable it globally for all users by installing a plugin.

Alternatively, you can also install a plugin that stops the automatic formatting by WordPress.



Change Administrator Account Name

If you have used ‘admin’ as the username for the administrator account this can be a security risk.

You can now change this to something different using the ‘Admin renamer extended’ plugin.

Try something like your site name initials + ‘admin’ – ‘My Awesome Blog admin’ becomes ‘mabadmin’. This is less obvious but still easy to remember. You may have to logon again after making this change.



Check Administrator Account Password and Nickname

Check that the administrator account password is secure.

You can visit the Strong Password Generator website for guidelines and a tool to produce strong passwords.

You can change the administrator account password using the Users–>Your Profile menu item. You can also change the administrators account nickname from ‘admin’ here also (the nickname is the visible name of the user on a WordPress website).



Update Unique Keys

Unique Keys makes your site harder to hack and access harder to crack by adding random elements to the password. These secret keys are stored in the wp-config.php file.

You can update these unique keys by installing the Update Unique Keys plugin. This plugin will automatically set and/or update the Authenication Unique Keys in the wp-config.php file.



Delete WordPress Installation Files

The following files can be deleted using your FTP client:

  • install.php file in the wp-admin folder of your WordPress website
  • readme.html in the root folder of your WordPress website


These files can provide are a security risk and do not need to be there for your WordPress website to function correctly.



Move wp-config.php

You can move the wp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder and it will not be available to the web.

Note that wp-config.php can be stored ONE directory level above the WordPress (where wp-includes resides) installation folder. Use your FTP client to move wp-config.php.



Remove WordPress Version

WordPress will automatically insert the current WordPress version into the head section. of every web page. This can be useful information for hackers .

Install the WP-Secure Remove WordPress Version plugin to remove this information.



Stop SQL Injection Attacks

SQL injection is a hacking technique that exploits security vulnerabilities occurring in the database layer of a web site.

Install the WordPress Firewall 2 plugin to identify and stop the most obvious SQL injection hacking attempts against WordPress.

Find out more about SQL Injection.



Change WordPress Database Prefix

You can check the security of your WordPress installation by downloading and installing the Better WP Security plugin.

This plugin will fix many issues already identified in your installation, so you may not need all the fixes. However, you should at least consider using this plugin to rename the default WordPress database prefix away from ‘wp’.



Update Htaccess Settings

A htaccess file is used by a web server to set permission and security. Your WordPress installation contains one of these files and can be used to increase security on your website.

Install the BulletProof Security plugin for a fast way to check the security of your htaccess file.

Find out more about htaccess files.



Add File Monitoring Scan

If a hacker does gain access to your WordPress website, they can make changes to your website that may not be detectable even when you login.

  • Install the WP-Malwatch plugin and it will run a nightly scan for hacked files in your WordPress files.
  • Install the WordPress File Monitor plugin and it will email you when files are added/deleted/changed.

Many of the reports may be false positives, but the information is useful. If you do get hacked, you will be alerted quickly.



Stop Comment Spam

Comment spam is endemic on the internet. Install a plugin to filter the spam comments from the real comments.

  • Akismet is the standard plugin for protecting WordPress comments from spam. You will need a WordPress.com API to use the plugin and it is only free for non-commercial use.
  • Antispam Bee is a free WordPress antispam plugin that comes highly recommended.


Find out more about the problem of spam in blogs.



Check Comment Settings

The Settings Discussion Screen allows you to set the options concerning comments (also called discussion). You can find this on the Settings–>Discussion menu item.It is here the administrator decides if comments are allowed and what constitutes Comment Spam.

  • You can also install the Subscribe to Comments plugin which allows commenters to subscribe to e-mail notifications for subsequent comments.
  • The Thank Me Later plugin will send an email to anybody who comments.

Find out more about the Settings Discussion Screen.



Prevent Brute Force Password Discovery

A brute force attack involves systematically checking all possible passwords until the correct one is found.

You can prevent brute force attacks against your WordPress website by installing the Login Lockdown plugin.

Find out more about brute force attacks.



Create Backup Plan

There are many different ways to backup your WordPress installation and files. WordPress websites need two separate backup types:

  • On demand backups of your database before upgrades.
  • Automated, scheduled offsite backups.


The options should be considered:

  • The WP-DB-Backup plugin which will allow you to create instant on demand backups of your database.
  • The BackWPup plugin which can be set to schedule an offsite backup to your FTP account.
  • The commercial plugin BackupBuddy allows you to schedule offsite backups.
  • siteautobackup.com offer a commercial fully automated website backup service.


Find out more about WordPress backups.



Plan Site Taxonomy

A site taxonomy is a grouping mechanism for content. There are two default ways to group content in WordPress:

  • Categories which group posts together. Categories can be placed in hierarchies. Think of categories as your site’s table of contents. Your categories should help identify what your site is about.
  • Tags are keywords related to your posts. Tags have no hierarchy. Tags are your site’s index words. Your tags allow micro-categorisation of your site’s content.


You can manage your tags and categories from within WordPress Administration. Most sites will work fine with these taxonomy types.

However you are not limited to just two types of taxonomy in WordPress. You create custom post types and custom taxonomies to organise your content as you wish e.g., create a job taxonomy for a jobs website or a movie taxonomy for a movie review website.

Find out more about taxonomies and custom post types.



Improve 404 Errors

404 errors happen when a page is requested that does not exist.

WordPress can handle these errors fine but you can make your 404 pages much better by installing the Smart 404 plugin.

This will plugin will perform a search of the site using keywords from the requested page and attempt to redirect the user to relevant content.



Configure Related Content

Once your visitors have finished reading one piece of content, it always a good idea to show them related content.

You can do this automatically by installing the Contextual Related Posts plugin. This will display a list of contextually related posts for the current post.



Install Maintenance Plugin

You will now be in adding pages to your website and you may not want the general public seeing your unfinished website.

Install the WP Maintenance Plugin so that your visitors will only see a maintenance page while you finish the setup.



Add Contact Page

Adding a contact form plugin such as Contact Form 7 makes adding a contact form very simple.

Install the plugin and create a contact page.



Add Utility Pages

Most websites will have pages for the following:

These pages can be created with dummy content if needed using the Just Add Lipsum plugin and excluded from menus using the Exclude Pages plugin.

Google may require sites using Adsense to have some of these pages.



Add HTML Sitemap

Some website visitors like to be browse a map of the entire site.

Install the Atlas HTML Sitemap Generator plugin and it will create a sitemap page for you automatically by using a shortcode (a special code that produces an effect when typed into a WordPress post or page).



Install a WordPress Theme

Installing a WordPress theme is easy, choosing one is difficult!

The following list should be kept in mind:

  • Free theme or premium theme?
  • What number of columns do you need?
  • Has the theme widget and menu support?
  • Do you need Adsense support?
  • Is a demo available?
  • Do you need a magazine layout?
  • Is the theme supported and updated regularly?




Configuring the WordPress Theme

Once installed you must configure your WordPress theme.

The following list if options is not exhaustive:




Test WordPress Theme with Sample Content

If you wish to test your theme , you can import the test data supplied at WordPress.org and run through some of the suggested tests.

Once you have finished with the test data you can use the Bulk Delete plugin to delete it all.



Add Mobile Support

If you wish to add mobile support for your WordPress website you have many choices of mobile theme. The following two plugins come recommended:

  • WordPress Mobile Pack will give your website a simple mobile theme that will work on most phones.
  • WPTouch will make your website look well on iPhones and Android smartphones but older phones may not work.
  • You can also install the iPhone Webclip Manager plugin which will give your website it’s own iPhone icon.
  • You can test how your site will look by using the mobiReady testing tool.



Configure Google XML Sitemaps

An XML sitemap is a list of pages of a web site accessible to a search engine. You can install the Google XML Sitemaps plugin will do this for you automatically. This will help your website get indexed more quickly and allow you to see how Google sees your site.

Once you have installed and configured your plugin, login to Google Webmaster Tools using your Google account created earlier and submit your sitemap after verifying your site with Google.

Find out more about sitemaps.



Configure Google Analytics

Web analytics is the measurement and analysis of website visitor data so that you can optimise your website. The best free tool for this is Google Analytics which you can sign up for using your Google account.

Once you have created the necessary code for your website, you can install the Google Analyticator plugin and add your code.

Find out more about web analytics.



Install WassUp Realtime Analytics

If you want to see what your visitors are up to in realtime, you can install the WassUp Realtime Analytics plugin.

This will give your a simple view of visitor interactions with your website as they browse through. Very useful and fascinating to watch.

Please note that this plugin cannot be used with certain caching plugins used to increase performance.



Configure Twitter Integration

Using your email address created earlier, you can create a Twitter account. You should then customise your Twitter profile picture and customise your Twitter page to match your website. Once your Twitter account is setup, the following plugins will integrate Twitter into WordPress:

  • The WP to Twitter plugin will post to your Twitter account when you update your WordPress website using your chosen URL shortening service such as bit.ly.
  • The Twitter Widget Pro plugin will add your Twitter feed to a widget that can be displayed on your site.
  • If you want very deep integration between your site and Twitter, then the Simple Twitter Connect set of plugins is for you. This will allow login and commenting using Twitter credentials and auto-linking to Twitter accounts.




Configure Facebook Integration

Using your email address created earlier, you can now create a Facebook account. Once your account is created, you should customise your profile and add a Facebook page to advertise your website. The following plugins can then be used to integrate Facebook into your WordPress website:




Configure LinkedIn Integration

LinkedIn is a business-oriented social networking site. If you are in business, it can be useful to link your WordPress Website to your LinkedIn profile. This can be done using the following plugins:

  • The LinkedIn SC plugin will parse your LinkedIn profile and allow you to display it on any page or post using shortcodes.
  • The LinkedIn Share Button will add a LinkedIn share button to posts and pages, allowing your visitors to share your content with their LinkedIn network.


Find out more about LinkedIn.



Add Social Media Integration

There are many social media WordPress plugins available. Here are some that may be useful:

  • The Social Media Page plugin will add a list of links to your social media profiles on a page or post of your choice.
  • The Digg Digg All-in-One Social Buttons plugin will integrate popular social buttons into WordPress easily.
  • The ShareThis plugin allows users to share your content through email and 50+ social networks.
  • Submit your RSS feed to RSS directories to increase backlinks

Find out more about social media.



Add Mailing List Integration

Using your mailing list provider account setup earlier, you can now add integrate a subscribe box for your mailing list to your WordPress website. The following plugins may help:

  • A simple way to add one or more AWeber email subscription forms to your sidebar is to use the Aweber integration plugin. Don’t forget you can also send your posts automatically to your list by setting up a blog broadcast.
  • The GetResponse Integration plugin allows you to quickly and easily add a signup form for your site.
  • The MailChimp plugin allows you to quickly and easily add a signup form for your MailChimp list.


Please check with your mailing list provider for more information. Don’t forget that you can add an email form to a text widget if no plugin is available.



Configure Adsense and Other Advertising

If you use Google Adsense, you can now integrate your adverts into your website. There are numerous plugins available to help with Adsense if you wish.

There are other options for advertising on your WordPress website.

  • The Advertising Manager plugin will allow integration with many advertising networks, including Adsense.
  • MyADManager will manage 125×125 pixel adverts on your website with automatic activation and deactivation of adverts using PayPal.



Connect to Web Monitoring Service

Using your the free account with the free website monitoring service mon.itor.us created earlier, you should now add your site to the service so that you uptime can be monitored.



Configure WordPress SEO

There are many plugins to improve WordPress SEO.

The plugins below should provide coverage for most installations.


Find out more about SEO.



Add Popup to Advertise Mailing List or Products

Adding a popup window to your website can increase subscriptions and is a great way to announce new products or services to your visitors.




Add a New Visitor Greeting

New visitors often appreciate some context and background information about your site.

You can offer them a special welcome and invite them to become permanent subscribers using the What Would Seth Godin Plugin Do (WWSGPD).

Find out more about the background to this plugin.



Add Your Sales Pages

Your sales page is where you present your products or services to your customer. A sales page can be added using any theme with some work, but there are several commercial themes that can help with sales pages directly:

You should also consider your copy writing skills when designing your sales pages.

Find out more about sales pages.



Integrate Payment or Ecommerce Provider

Now you want to get paid!

WordPress makes it extremely easy to integrate your payment processor or ecommerce functionality into your site. There are many plugins available:

You can also do recurring billing, invoicing and paid membership areas from within WordPress also.




You may now have multiple unused themes and plugins in your WordPress website.

You should now deactivate and delete any unused themes and plugins from your website. Unused themes and plugins which are not updated can be a security risk.



Increase the Performance of WordPress

You can improve the performance of WordPress using a caching plugin. The most highly recommended one is the W3 Total Cache plugin.

This plugin also has transparent content delivery network (CDN) integration which allows your content to be spread across high performance servers to increase performance.

Find out more about web caching and content delivery networks.



Test Your WordPress Configuration

Now that your website is almost complete, you should test the WordPress configuration to see if there are any issues:




Test Your Website Using Different Browsers

It is a good idea to know how your website is displayed to your visitors.

If your sign up for the free service at BrowserShots.org which will allow you to test your website in various browsers on different operating systems.

You should see how it looks in the following combinations:

  • Internet Explorer / Windows
  • Firefox / Windows
  • Firefox / Macintosh
  • Chrome / Windows
  • Safari / Macintosh
  • Firefox / Linux
  • Opera / Windows



Run a Final Security Scan

Running the following plugins may identify security issues that have been missed by any steps so far:

Some of the issues identified will be false positives, but the scan is very useful.



Add Content and Publicise

Once you have done your keyword research and created your first content then you should let the world know about your new website by creating a press release.

Well done! Time for a coffee 🙂